What's next?..

A Client Account is required for purchasing licenses. To create an account, please fill out the registration form completely and accurately. You will then receive an e-mail message with the sign in information.
If you already have a registered account, please sign in to the Client Area.

Dear new client...

General Info

BFM ignore attempts on suspended accounts

Version 1.46

Feature

Finished

If a DirectAdmin User account, E-Mail or FTP account are suspended, any attempts on those accounts will be ignored by the brute force monitor if this option is enabled:
brute_force_ignore_attempts_on_suspended=1
the internal default value is 1, so it's enabled by default.
The feature knows which service is used, based on the filter match from the brute_fitlers.list, so it can figure out where to check the data.
Namely one of:
/etc/virtual/domain.com/passwd
/etc/proftpd.passwd
or the password crypt from the system call to:
getspnam (FreeBSD: getpwnam)
------
After coding it, I noticed that Dovecot already accounts for this, so this featue is somewhat redundant/non-applicable for dovecot, as the logs for dovecot for a suspended account looks like this:
imap-login: Aborted login (user disabled)
while a failed password login on a non-suspended account looks like:
imap-login: Aborted login (auth failed, 1 attempts in 4 secs)
so the filter wouldn't pick up the case for the suspended account anyway...
But should you get an "auth failed" (possibly an older version of dovecot), then this feature would work normally for that case, and ignore the entry if suspended.
------
Aside from that, this will apply to the other areas:
sshd, exim, and proftpd/pure-ftpd.
------
You may need to use this option to use the !password method of suspension, rather than the domain.com_off suspension:
http://www.directadmin.com/features.php?id=1293